The following list of the claims replaces all prior versions and lists of the claims in this 
application. 

1. (Previously Presented) A computer implemented method for inserting a new access 
rule into an access control list for enforcing policies and permissions for controlling access to 
various network resources, the list configured to contain independent rule blocks having ordered 
access rules, the method comprising: 

if the list is empty, creating a new independent rule block and inserting the new access 
rule therein; 

if the list is not empty, creating from the list a set of mapped independent rule blocks; 
for each block in the set, attempting to determine a position for the new access rule; 
removing from the set those blocks for which a position cannot be determined; and 
merging the blocks in the set to form a new independent rule block and inserting the new 
access rule therein; 

and applying the access rules in the list to enforce policies and permissions to control 
access to various network resources. 

2. (Previously Presented) The computer implemented method of claim 1 wherein 
creating from the list a set of mapped independent rule blocks comprises selecting all blocks in 
the list having at least one rule that is not disjoint with the new access rule. 

3. (Previously Presented) The computer implemented method of claim 1 wherein 
attempting to determine a position for the new access rule comprises: 

comparing each existing rule in the rule block to the new access rule; and 
if all existing rules have been compared against the new access rule and no determination 
has been made, and if the new access rule is not disjoint with at least one existing rule in the rule 
block, determining a position for the new access rule that is at the end of the block, otherwise, 
determining that there is no position for the new rule in the rule block. 

4. (Previously Presented) The computer implemented method of claim 3 wherein 
comparing each existing rule in the rule block to the new access rule comprises: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the same 
action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not perform the 
same action, resolving the conflict between the new access rule and the existing rule; 

if the existing rule is a subset of the new access rule and the two rules perform the same 
action, determining a position for the new access rule that is in the place of the existing rule and 
removing the existing rule from the block; 

if the existing rule is a subset of the new access rule and the two rules do not perform the 
same action, resolving the conflict; 

if the new access rule and the existing rule are not disjoint, neither is a subset of the other, 
and the two rules have the same action, continuing to the next comparison; and 

if the new access rule and the existing rule are not disjoint, neither is a subset of the other, 
and the two rules do not have the same action, resolving the conflict. 

5. (Previously Presented) The computer implemented method of claim 4 wherein 
resolving the conflict if the new access rule is a subset of the existing rule and the two rules do 
not perform the same action further comprises: 

if the new access rule takes priority, determining a position for the new access rule that is 
immediately before the existing rule; and 

if the existing rule takes priority, removing the block from the set of mapped independent 
rule blocks. 

6. (Previously Presented) The computer implemented method of claim 4 wherein 
resolving the conflict if the existing rule is a subset of the new access rule and the two rules do 
not perform the same action further comprises: 

if the new access rule takes priority, determining a position for the new access rule that is 
in the place of the existing rule and removing the existing rule from the block; and 

if the existing rule takes priority, designating a position in the block for the new access 
rule that is immediately behind the existing rule. 



7. (Previously Presented) The computer implemented method of claim 4 wherein 
resolving the conflict if the new access rule and the existing rule are not disjoint, neither is a 
subset of the other, and the two rules do not have the same action further comprises: 

if the new access rule takes priority, placing the new access rule in a position occupied by 
the existing rule; and 

if the existing rule takes priority, continuing to the next comparison. 

8. (Previously Presented) The computer implemented method of claim 4 wherein 
resolving the conflict comprises establishing a priority based on predefined rules. 

9. (Previously Presented) The computer implemented method of claim 4 wherein 
resolving the conflict comprises establishing a priority based on user input. 

10. (Previously Presented) The computer implemented method of claim 1 wherein 
merging the blocks in the set to form a new independent rule block and inserting the new access 
rule therein comprises: 

placing all rules from every block in the set which are positioned ahead of the new access 
rule in front of the new access rule in the new block; and 

placing all rules from every block in the set which are positioned after the new access 
rule behind the new access rule in the new block. 
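
The insertion procedure of claims 1 to 7 and 10, sketched in Python as an added illustration; this code is not part of the application. The `Rule` model (a port range plus an action), the `new_wins` priority callback, stopping at the first determined position, keeping the existing rule in the claim 7 case, and leaving the list unchanged when every mapped block is eliminated are assumptions of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ports: range   # constructed, simplified match field: destination ports
    action: str    # "permit" or "deny"

def relation(new, old):
    n, o = set(new.ports), set(old.ports)
    if not n & o:
        return "disjoint"
    return "new_in_old" if n <= o else "old_in_new" if o <= n else "overlap"

def find_position(block, new, new_wins):
    """Return (index, replace_existing) for `new` in `block`, or None (claims 3-7)."""
    touched = False
    for i, old in enumerate(block):
        rel = relation(new, old)
        if rel == "disjoint":
            continue
        touched = True
        same = new.action == old.action
        if rel == "new_in_old":
            if same:
                return None                                    # already covered
            return (i, False) if new_wins(new, old) else None  # claim 5
        if rel == "old_in_new":
            if same or new_wins(new, old):
                return (i, True)               # takes the existing rule's place
            return (i + 1, False)              # claim 6: immediately behind it
        if not same and new_wins(new, old):
            return (i, False)                  # claim 7 (existing kept: assumption)
    return (len(block), False) if touched else None

def insert(acl, new, new_wins):
    """Return a new ACL (list of blocks) with `new` inserted (claims 1, 2, 10)."""
    mapped = [b for b in acl if any(relation(new, r) != "disjoint" for r in b)]
    if not mapped:
        return acl + [[new]]                   # nothing overlaps: own block
    placed = [(b, p) for b in mapped if (p := find_position(b, new, new_wins))]
    if not placed:
        return acl                             # assumption: rule is not inserted
    front, back = [], []
    for b, (i, replace) in placed:             # claim 10: merge around the new rule
        front += b[:i]
        back += b[i + 1:] if replace else b[i:]
    used = {id(b) for b, _ in placed}
    return [b for b in acl if id(b) not in used] + [front + [new] + back]
```
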

11. (Previously Presented) The computer implemented method of claim 1 further 
comprising removing an existing rule, wherein the removing includes: 

searching for the existing rule to be removed based on an identification number 
associated with the existing rule; and 
removing the rule. 

12. (Currently Amended) A computer system comprising: 
a computer system, including a processor; 

a rule base, stored on a computer-readable medium, containing an access control list 
configured to hold independent rule blocks having ordered access rules, the rules for enforcing 
policies and permissions for controlling access to various network resources; 

a rule enforcing engine, executed by the processor, for enforcing the rules in the access 
control list to control access to various network resources; and 

a rule insertion engine, executed by the processor, configured to execute instructions for 
inserting a new access rule into the access control list, the instructions comprising: 

if the access control list is empty, creating a new independent rule block and 
inserting the new access rule therein; and 

if the access control list is not empty, creating from the access control list a set of 
mapped independent rule blocks; 

if the set is empty, creating a new independent rule block and inserting the new 
access rule therein; and 

merging the blocks in a subset of the set comprising those blocks for which a 
position for the new access rule can be determined, and inserting the new access rule therein. 

13. (Original) The system of claim 12 wherein creating a set of mapped independent 
rule blocks comprises evaluating each independent rule block in the access control list and 
determining whether there is an existing access rule in the independent rule block that is not 
disjoint with the new access rule. 

14. (Original) The system of claim 12 wherein determining a position for the new access 
rule comprises: 

comparing each existing rule in the independent rule block to the new access rule; and 
if all existing rules have been compared against the new access rule and no position has 
been determined, designating a position for the new access rule that is at the end of the block. 

15. (Original) The system of claim 14 wherein comparing each existing rule in the 
independent rule block to the new access rule comprises: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the same 
action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not perform the 
same action, determining a priority between the new access rule and the existing rule; 

if the existing rule is a subset of the new access rule and the two rules perform the same 
action, determining a position for the new access rule that is in the place of the existing rule and 
removing the existing rule from the block; 

if the existing rule is a subset of the new access rule and the two rules do not perform the 
same action, determining a priority between the existing rule and the new access rule; 

if the new access rule and the existing rule are not disjoint, neither is a subset of the other, 
and both have the same action, continuing to the next comparison; and 

if the new access rule and the existing rule are not disjoint, neither is a subset of the other, 
and the two rules do not have the same action, determining a priority between the existing rule 
and the new access rule. 

16. (Original) The system of claim 15 wherein determining a priority comprises the use 
of predetermined rules. 

17. (Original) The system of claim 15 wherein determining a priority comprises 
accepting user input to determine priority. 

18. (Original) The system of claim 12 wherein removing the rule comprises searching 
for the rule to be removed based on an identification number associated with the rule and 
removing the rule. 

19. (Original) The system of claim 12 wherein merging the blocks in a subset 
comprises: 

placing all rules from every block in the subset which have a position ahead of the rule 
being inserted in front of the new access rule in the new block; and 

placing all rules from every block in the subset which have a position after the new 
access rule being inserted behind the new access rule in the new block. 



20. (Previously Presented) A computer readable medium comprising computer 
executable instructions for inserting a new access rule into an access control list containing 
independent rule blocks having ordered access rules for enforcing policies and permissions for 
controlling access to various network resources, the instructions comprising: 

creating a new independent rule block and inserting the rule therein if the list is empty; 

creating from the list a set of mapped independent rule blocks if the list is not empty; 

determining a position for the new access rule for each block in the set and removing 
from the set those blocks for which a position cannot be determined; and 

merging the blocks in the set to form a new independent rule block and inserting the rule 
therein; and 

applying the rules to enforce policies and permissions regarding access to various 
network resources. 

21. (Original) The computer readable medium of claim 20 wherein creating the set of 
mapped independent rule blocks includes selecting all blocks in the list having at least one rule 
that is not disjoint with the new access rule. 

22. (Original) The computer readable medium of claim 20 wherein determining a 
position for the new access rule includes comparing each existing rule in the rule block to the 
new access rule and, for each comparison: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the same 
action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not perform the 
same action, resolving the conflict between the new access rule and the existing rule, and if the 
new access rule takes priority, assigning a position of the existing rule to the new access rule, 
and if the existing rule takes priority, not assigning a position to the new access rule; 

if the existing rule is a subset of the new access rule and the two rules perform the same 
action, assigning a position of the existing rule to the new access rule; 

if the existing rule is a subset of the new access rule and the two rules do not perform the 
same action, determining which of the new access and existing rules has priority and, if the new 
access rule takes priority, assigning a position of the existing rule to the new access rule, and if 
the existing rule takes priority, assigning a position in the block for the new access rule that is 
immediately behind the existing rule; 

if the new access rule and the existing rule are not disjoint, neither is a subset of the other, 
and the two rules do not have the same action, determining which of the new access and existing 
rules has priority and, if the new access rule takes priority, assigning a position of the existing 
rule to the new access rule; and 

if all existing rules have been compared against the new access rule and no determination 
has been made, determining a position for the new access rule that is at the end of the block. 

23. (Original) The computer readable medium of claim 21 wherein determining which 
of the new access and existing rules has priority is based at least partly on user determined 
criteria. 

24. (Original) The computer readable medium of claim 20 wherein merging the blocks 
in the set to form a new independent rule block and inserting the rule therein comprises: 

placing all rules from every block in the set which have a position ahead of the rule being 
inserted in front of the new access rule in the new block; and 

placing all rules from every set which placed after the rule being inserted behind the new 
access rule in the new block. 

25. (Original) The computer readable medium of claim 20 wherein removing the rule 
comprises searching for the rule in the list based on a unique identification number and removing 
the rule. 